s19.实战案例:实现DNS从服务器



1.实战案例:实现DNS从服务器

1.1 实验目的

搭建DNS主从服务器架构,实现DNS服务冗余

1.2 环境要求

需要四台主机
DNS主服务器:172.31.1.8
DNS从服务器:172.31.1.18
web服务器:172.31.0.7
DNS客户端:172.31.0.17

1.3 前提准备

关闭SELinux
关闭防火墙(仅为简化实验;生产环境应保留防火墙,只放行 53/udp 与 53/tcp)
时间同步

1.4 实现步骤

1.4.1 主DNS服务端配置

[root@rocky8 ~]# yum -y install bind
​
[root@rocky8 ~]# vim /etc/named.conf
options {
//  listen-on port 53 { 127.0.0.1; }; # commented out: with no listen-on, named listens on all IPv4 addresses instead of loopback only
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";               # zone "file" paths are resolved relative to this directory
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file   "/var/named/data/named.secroots";
    recursing-file  "/var/named/data/named.recursing";
//  allow-query     { localhost; }; # commented out: queries are then accepted from any source (BIND default is allow-query { any; })
    allow-transfer { 172.31.1.18; };  # added: only the secondary (by source IP) may perform zone transfers
    # NOTE(review): recursion is left at the BIND default (yes) and the dig replies in the test
    # section carry the "ra" flag, so this authoritative server also recurses for any client that
    # can reach it. Acceptable in a lab; on a reachable network add "recursion no;" or limit it
    # with allow-recursion { <trusted-nets>; }; to avoid acting as an open recursive resolver.
​
[root@rocky8 ~]# vim /etc/named.rfc1912.zones
#加上这段
# Primary (authoritative) copy of raymonds.cc served from this host.
# Which hosts may transfer it is controlled by allow-transfer in the options block
# (only 172.31.1.18); that ACL is source-IP based only.
# NOTE(review): TSIG-signed transfers are not configured anywhere on this page.
zone "raymonds.cc" {
    type master;                # this server holds the editable copy; raise the SOA serial after every edit so the secondary picks it up
    file "raymonds.cc.zone";    # relative to the options "directory" (/var/named); created below by copying named.localhost
};
​
​
[root@rocky8 ~]# cp -p /var/named/named.localhost /var/named/raymonds.cc.zone
#如果没有-p,新文件会由 root 创建、不保留原文件的属组,需要手动改权限:chgrp named raymonds.cc.zone
​
[root@rocky8 ~]# vim /var/named/raymonds.cc.zone 
$TTL 1D                                  ; default TTL for records without one (shows up as 86400 in the dig output below)
@   IN SOA master admin.raymonds.cc. (   ; @ = raymonds.cc from the zone statement; "master" is relative, i.e. master.raymonds.cc.
          1 ; serial   - must increase on every edit; the secondary compares it to decide whether to re-transfer
          1D ; refresh - how often the secondary checks the primary's serial
          1H ; retry   - retry interval after a failed refresh
          1W ; expire  - the secondary stops answering for the zone if no refresh succeeds for this long
          3H ) ; minimum - negative-caching TTL
          NS master     ; both servers are published as NS, so clients may query either one
          NS slave
master  A 172.31.1.8    ; address records for the NS names (returned in the ADDITIONAL section of the dig output)
slave   A 172.31.1.18
www     A 172.31.0.7    ; web server; this is the record the client test resolves
​
[root@rocky8 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.

1.4.2 从DNS服务器配置

[root@rocky8-2 ~]# yum -y install bind
​
[root@rocky8-2 ~]# vim /etc/named.conf
options {
//  listen-on port 53 { 127.0.0.1; }; # commented out: with no listen-on, named listens on all IPv4 addresses instead of loopback only
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";               # the transferred zone copy is written under this directory (slaves/)
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file   "/var/named/data/named.secroots";
    recursing-file  "/var/named/data/named.recursing";
//  allow-query     { localhost; }; # commented out: queries are then accepted from any source (BIND default is allow-query { any; })
    allow-transfer { none;};  # added: no other host may pull the zone from the secondary
    # NOTE(review): as on the primary, recursion stays at its default and the dig reply from
    # 172.31.1.18 below carries the "ra" flag; outside a lab add "recursion no;" or
    # allow-recursion { <trusted-nets>; };
​
[root@rocky8-2 ~]# vim /etc/named.rfc1912.zones
# Secondary copy of raymonds.cc, obtained by zone transfer from the primary.
# NOTE(review): "masters" trusts the primary by IP address only; a TSIG key configured on
# both servers would authenticate the transfer itself (not set up on this page).
zone "raymonds.cc" {
    type slave;                              # read-only copy; edit the zone on the primary, never this file
    masters { 172.31.1.8; }; # address of the primary server
    file "slaves/raymonds.cc.zone.slave";    # written by named after a successful transfer (checked with ll /var/named/slaves/ below)
};
​
[root@rocky8-2 ~]# systemctl enable --now named
Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
​
[root@rocky8-2 ~]# ll /var/named/slaves/
total 4
-rw-r--r-- 1 named named 285 Dec  5 18:17 raymonds.cc.zone.slave #查看区域数据库文件是否生成

1.4.3 实现WEB服务

[root@centos7 ~]# yum -y install httpd;systemctl enable --now httpd;echo www.raymonds.cc > /var/www/html/index.html

1.4.4 客户端测试主从DNS服务架构

[root@centos7-2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DNS1=172.31.1.8                           
DNS2=172.31.1.18
[root@centos7-2 ~]# nmcli con reload
[root@centos7-2 ~]# nmcli con up eth0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
​
[root@centos7-2 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 172.31.1.8
nameserver 172.31.1.18
​
#验证从DNS服务器是否可以查询
[root@centos7-2 ~]# dig www.raymonds.cc
-bash: dig: command not found
[root@centos7-2 ~]# yum -y install bind-utils
[root@centos7-2 ~]# dig www.raymonds.cc
​
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> www.raymonds.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11213
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
​
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.raymonds.cc.       IN  A
​
;; ANSWER SECTION:
www.raymonds.cc.    86400   IN  A   172.31.0.7
​
;; AUTHORITY SECTION:
raymonds.cc.        86400   IN  NS  master.raymonds.cc.
raymonds.cc.        86400   IN  NS  slave.raymonds.cc.
​
;; ADDITIONAL SECTION:
master.raymonds.cc. 86400   IN  A   172.31.1.8
slave.raymonds.cc.  86400   IN  A   172.31.1.18
​
;; Query time: 0 msec
;; SERVER: 172.31.1.8#53(172.31.1.8)
;; WHEN: Sun Dec 05 18:28:34 CST 2021
;; MSG SIZE  rcvd: 133
[root@centos7-2 ~]# curl www.raymonds.cc
www.raymonds.cc
​
#在主服务器上停止DNS服务
[root@rocky8 ~]# systemctl stop named
​
#验证从DNS服务器仍然可以查询
[root@centos7-2 ~]# dig www.raymonds.cc
​
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> www.raymonds.cc
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5517
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
​
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.raymonds.cc.       IN  A
​
;; ANSWER SECTION:
www.raymonds.cc.    86400   IN  A   172.31.0.7
​
;; AUTHORITY SECTION:
raymonds.cc.        86400   IN  NS  master.raymonds.cc.
raymonds.cc.        86400   IN  NS  slave.raymonds.cc.
​
;; ADDITIONAL SECTION:
master.raymonds.cc. 86400   IN  A   172.31.1.8
slave.raymonds.cc.  86400   IN  A   172.31.1.18
​
;; Query time: 0 msec
;; SERVER: 172.31.1.18#53(172.31.1.18)
;; WHEN: Sun Dec 05 18:29:39 CST 2021
;; MSG SIZE  rcvd: 133
[root@centos7-2 ~]# curl www.raymonds.cc
www.raymonds.cc